This privacy policy sets out how danielmiessler.com collects, uses, and protects any information that you either explicitly or automatically send when using this website. I, Daniel Miessler, am deeply concerned with your privacy as a visitor of this website, and the following sections will give details about how any and all data is handled.

For the most part this site is read-only; however, there are a number of functions that can and do collect information as a function of what they are. These include:

Cookies Data: Regular use of the Internet involves the sending and receiving of cookie data, and this is true for this site as well. No special attempt to harvest cookie data is being made on this site, and no attempt is ever made to correlate visitor data with real people or identities. DISQUS does some of this as a normal part of its functionality, which is discussed above and in its privacy policy below, but this is unrelated to this site.

IP Data: Another natural part of Internet use is the sending of source IP data to the destination server—in this case, danielmiessler.com. Just as with cookie data, no attempt is ever made to link source IP addresses to people. The only way source IP data is used on this site is indirectly by analytics frameworks that are part of the web stack. Each of these will be mentioned below, with links to their privacy policies.

Ads: I use a sponsorship rather than an ad model, so there is no ad JavaScript running anywhere. It’s just the link in the sidebar of each post.

Here I will cover the handling of logs, which may contain both cookie and IP address data.

Access to the site is logged in a standard fashion using the web server logs (Nginx in this case). These logs may contain cookie and IP address data, as is standard with most web log formats.

Access to this server is restricted to very few people (myself and one other person), and log data has never been requested by, nor provided to, any third party. The server itself is a Virtual Private Server (VPS) hosted with AWS.

As mentioned earlier, no log data will ever be used to attempt to link cookies or IP addresses to actual people, and this log data will never be provided to third parties under any circumstances.

While it’s not possible to guarantee this site’s security (and you should be cautious of anyone who offers such a claim), a great number of measures have been taken to ensure that this server cannot be penetrated without authorization. These include the use of limited accounts, regular security updates, regular security assessments, and the use of hardened remote access options.

We do not collect or handle data beyond what is described above, so we do not believe that we have any specific GDPR challenges. If you are from the EU, however, and have any questions about anything above, please feel free to reach out to us. We will do what we need to in order to be compliant with the law.